Default security settings
niedziela, 18 Luty 2007, michuk
What is the easiest way to get a bunch of unforgettable moments with your Windows-powered computer? Simply do nothing! Here you have some detailed instructions for that:
- Install the Windows OS (version doesn’t matter) or better let your computer company which sold you the hardware do it for you (they are professionals!)
- Connect to the Internet (big „e” icon next to the „Start” menu).
- Surf the favorite websites for a while.
- Download some e-mail using Outlook Express (the other icon next to big „e”).
- Don’t install any applications like a firewall or antivirus software – you are just a regular user, so don’t mess with it, it’s evil. Some of your friends installed it and now their computers work twice as slow as before. You’ve been warned.
- Avoid all so called „security patches” (whatever they are). Your system has been installed by a professional so there is no reason to mess with the settings – you can only break things. They say Windows is secure anyway, so why bother with the patches?
- Remember that you should perform all your actions as the Administrator (the default login). Well, whatever, you probably do it anyway, unaware of this fact.
- After a few days (or weeks if you’re lucky) call your IT friend and complain that „your computer doesn’t work”. If he asks what happened, say the truth („I did nothing”). When he says he can’t help, call him a loser (he’s a computer engineer so he should know solutions, right?) and call the service.
- Do not panic when they say nothing can be done. Reinstall your OS or pay them to do it and start all over again. This time it will surely go better!
Sounds dramatic? Perhaps a little unrealistic? But wait… isn’t it what Microsoft delivers as the default settings recommended for unaware home computer users? Is it possible that the default configuration of the most popular operating system created by the most powerful IT company in the history is so insecure?? How can it be, that before connecting to the Internet, one needs to install multiple software packages just not to get hacked or infected with malware in a couple of minutes? Finally, how is it possible that hobbyists who develop Debian, Fedora or OpenBSD managed to produce systems secure by design and a professional IT company couldn’t achieve even a reasonable level of security for so many years? Honestly, it’s one of the greatest mysteries of our days…
So, how do others do it?
What’s the difference between the security policy of Microsoft compared to GNU/Linux and even better, BSD systems? It’s the defaults, idiot! Technologically, both systems can provide a similar level of security, actually. The difference is that most GNU/Linux distros make it much easier to have a secure OS by providing reasonable default settings, usually secure enough for home computer users. Here are just a few examples to illustrate what I am talking about:
- Firewall is installed and configured by default – all unused ports are blocked, which makes it a lot harder for malicious software to damage our OS,
- Forcing the user to log in using an unprivileged account – this protects us from accidentally installing a virus or other type of malware software. If we don’t have the permission to do it, apps we run (which may have security holes) do not have this permission either,
- Easy installation of complex security patches, not only to the kernel of the OS but for all installed applications (and the apps tend to have many more holes than the kernel),
- Promoting the best apps for a task, not the ones created by some friendly company. This helps to develop a healthy competition, even Redhat uses Novell’s software (Evolution) and vice-versa. It’s the power of open source and free software. It’s the user who benefits the most.
Saying all this, I have to admit that I realize there is an ever-lasting conflict between security and usability. Every restriction (like having to log in as root in order to install some app) reflects negatively on the user experience. On the other hand however – can we call a system which crashes a few weeks after the installation a usable one? Even the Microsoft guys seem to start realizing it. The new version of their OS – the infamous Vista – is going to have many more restrictions in the default install (or at least the public betas suggest so). I hope that my point about Windows security will become irrelevant by then.
Propagate this post
Subscribe to RSS feed for this article!
12 komentarzy
- A hyperlink: <a href="polishlinux.org">GNU/Linux for everyone!</a>,
- Strong text: <strong>Strong text</strong>,
- Italic text: <em>italic text</em>,
- Strike: <strike>
strike</strike>, - Code: <code>
printf("hello world");</code>, - Block quote: <blockquote>Block quote</blockquote>
Or install those security patches, get a decent firewall / anti-virus software, and enjoy windows!
Don’t get me wrong, I use Linux (Ubuntu Feisty Fawn) as much as I do windows but problems because of doing nothing isn’t really a reason to switch…
I have to agree on your point number 5. Anti Virus Software really is a pain in the neck. But if I don’t install it, my PC might get a virus.
This article contains some good points but I’d say the conclusions you’ve made are somewhat simplified because you didn’t care to give an accurate analysis of how Linux can become as secure as Linux people want it to be.
The fallacy of some of the points you made in the article lies herein – stating that (any) Linux (distro) is secure out-of-the-box is wrong because:
„What’s the difference between the security policy of Microsoft compared to GNU/Linux and even better, BSD systems? It’s the defaults, idiot!”
I’m not an idiot but I’m suggesting that the defaults in Linux distros aren’t always optimized for best security.
It depends on which distro you’re referring to.
Many distros have tons of services up’n runnin by default. Not only are they consuming precious RAM, but some of them are known to have had (or having) security issues.
And if Linux were so secure out-of-the-box, why are there tides of how-to’s on the internet providing the user valuable information on how to harden your linux-box?
What’s the difference between this:
http://www.markusjansson.net/exp.html
and this:
http://www.puschitz.com/SecuringLinux.shtml
The articles are probably equally long and equally elaborate.
My point is, there’s no such thing as a secure OS. OS security is not static. I would definitely put my trust on a WinXP machine with sp2 installed and FW + AV software installed because windows users in general know by now that these actions are mandatory in order to secure their system, than an Ubuntu without firewall and a user that believes in the mantra – „Linux is secure because it’s Linux and I don’t have to do a darn thing to make it more secure! Hey, it’s a Linux!”.
And why are there tons of security applications (snort, tripwire, rkhunter, chkrootkit, aide, selinux, grsecurity, apparmor etc etc) if Linux distro „X” is so much more secure than Windows? And have a look at secunia.org and browse for any Linux distro and you’ll notice that the security advisories for those are not really rare.
Next:
„Firewall is installed and configured by default”
Not true. Again, it depends on which distro you’re referring to. Security focused distros such as Fedora will ask you during the installation whether or not you would like to activate the fw/ip-tables, but it’s not activated per default. *buntu doesn’t even ask if you want to use a firewall, and even if you opt to install a FW after the installation has finished, it will not always start with the boot. How secure is that, thinking that you’re running a FW when you’re not. I know a Slackware based distro, NetSecl, that doesn’t even ask if you want a FW or not – it’s activated by default. Kudos to the developer.
So it really depends on *which* linux distro, not linux distros *in general* when you make a generic statement about firewall based security.
„Forcing the user to log in using an unprivileged account”
Yup, again it depends on the distro. In some, you’re not even encouraged to create an unprivileged account after the installation is done. In Linspire, you’re Root all the way.
„Easy installation of complex security patches, not only to the kernel of the OS but for all installed applications (and the apps tend to have many more holes than the kernel”
And blindly installing all patches will never introduce new bugs and security holes into your system? My impression is that even for Linux, it’s not generally recommended to immediately install all „bleeding” patches since there’s no guarantee that the patches will indeed benefit your system.
For example, upgrading the kernel can sometimes introduce annoying instability issues to your system.
Believe it or not, I am an avid linux user and love the concept of gratis software to everybody and more importantly, the implementation of fine grained security some distros offer to the user, but I wouldn’t dare to recommend any generic linux distro out there to a potential Windows convert by saying stuff like „linux is secure because it’s linux!”. Because that simply isn’t true. It’s way more complicated than that.
We’re talking about an average user who just uses a computer for web surfing,im,webapps,listening to music and simple stuff. In that type of user linux is so much secure to windows out-of-the-box.
A very big proportion of the internet and other big scale private networks rely on linux.Of course security policies must be taken.
Have you used Micro$oft Vi$sta
I disagree in those two points, a think in some ways you’re missing the point the article is just about an average user and I think is so true that windows fuck things up without you doing anything.
What I think about Linux as having a FW autoinstalling itself is rather a secure way for the usual computer user because most novice users would only know about installing AV software mindless of intrusion penetration and attacks that snif through the networks with windows uninstalled FW.I think linux would be the best at the moment for users who comprise of 90% of computer users.
I use deepfreeze. and i don’t get any problems.
Windows security is really bad because, today, it decided that my internet connection was insecure, so Windows Firewall just cut it off. It refused to allow me to access the internet, and then I just checked it as an exception, to allow internet access through that connection, and it worked just fine. That’s one of those problems with Windows, it decides that something should be done and it does it, without telling you and it takes forever to fix it.
span.highlight
{
background-color:yellow
}
What I would probably advise the average computer user (90% of all computer users in the world today) is that they would probably consider & prefer Linux To Windows coz It comes with auto installed FW.Most novice users would probably not consider this as matter of fact that todays computer attacks are generated through malware sniffing software.Novice users probably dont know much about firewalls despite the threats!
I don’t get why Windows won’t make their own antivirus software. They promote other ones but they really should just make their own and preinstall it
I don’t get why Windows won’t make their own antivirus software. They promote other ones but they really should just make their own and preinstall it.
It’s so clear why MSWin don’t promote their Av.for money.Do you thing the MS engineers are so idiots to create a so stupid and shhet system like Microsoft WIndowos OS?
No My friends.When they sale a weak system they get more monney!!!!!!!because the user/server user buy tha antivirus the security packages etc,etc and manny others.a new virus come ,a new antivirus usually is need.problem withe a installed application.ok buy this and so one ….MSWIN isa OS done for getting money only.They don’t care about users/comapny users etc,they care only about the profit.And for this high love of money(do you know they want to patent double click for the mouse evan no one know who invent it?) MsWin will colapse.20 years maximum.I can bet .It’s a system done for stupid common people,but today the comapny need quality so they change to others,Mac Os,Linux,BSd etc.but also the common people start to understand what sheet is MsWIn so they start to migrate to others and they have passion or content.sometime they come back to win because win don’t their mind to work or really is difficult for them.no problem if is difficult but lazy is hardly to accept when you want quality.and quality for linux come from the fact is OPEN,so the user can lear about PC live ,if they like to learn.or they just use and in this case there is not so big diffrence comparing with MSwin.
anyway who used manny different OS can talk and have a opinion ,FAIRLY.WHO DON’T USE better is to keep to mouth closed.
sorry about „stupid common people”I used this for the people that don’t want to change something or to improuve their knowledge.as you can see bellow i used common people for the people that want to do something and I my self I am a common people as millions on the earth.
I complete with this for a clear understnding of what exactly I want to say.
and the true is there are enough of stupid people,as there are common or „guru” in the software world.
and the best example for me without connection with this post about stupid commnon people are the politicians/but this is other problem.actually i hate them enough.evan I myself I have enough skills to enter in political life I don’t do because I don’t like to lie people….